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method of operating an authenticating server system for 
authenticating Risers at client terminals connected via a data communications 
5 network, to control access to a document stored on a resource server, said method 
comprising performing the following steps in said server system: 
storing authentication details of authorised users; 

receiving authentication data for a user from a client terminal of the user, 
and validating said authentication data by reference to said stored authentication 
10 details; 

issuing an identifier for the user's terminal to said terminal for storage 
thereon, the identifier beinb transmitted in such a manner that the identifier is 
retransmitted by said user tenpninal with document requests directed at said resource 
server; 

1 5 storing status data indicating said identifier to be a validated identifier of a 

terminal of a currently authenticated user, in response to said authentication step; 
and 

enabling said resource seiVer to validate a request for said document from 
the user's terminal, which request ^includes said identifier, by checking said status 
20 data on receipt of said document request. 



2. A method according to \\a\m 1 , wherein said identifier is transmitted 
in a cookie to said user terminal. 



25 3. A method according to clainft 1 -©f-S, wherein said authentication step 

comprises receiving said identifier from sai\j user terminal with said authentication 
data. 



4. A method according to claim V3, wherein said authentication step 
30 comprises issuing a new identifier to said user tfprminal if said authentication data is 
invalid. 



5. 
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method according to claim 4, wherein said identifier comprises data 
indicating the nu^nber of times an invalid authenticator has been received from said 
user terminal. 



6. A method according to claim 5, wherein said method comprises 
issuing no further idenVfier to said user terminal if an identifier received from said 
user terminal indicates tloat a predetermined number of invalid authenticators have 
been received from said u^ser terminal. 
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7. 



A method according tc^ any preced i ng Gla i m , comprising timing out 



said identifier as an identifier\of a terminal of a currently authenticated user if no 
document request is received fr&m said user terminal for a predetermined period. 
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8. A method according\to a ny preceding ir tetffi, comprising authenticating 
1 5 said user for access to a plurality of Web servers located in the same Internet 
domain; and 

enabling each of said Web servers to validate document requests from the 
user's terminal, which requests include\said identifier, by checking said status data 
on receipt of a document request. 
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9. A method of operating ^n authenticating server system for 
authenticating users at client terminal^ remotely connected via a data 
communications network, to control access vp a plurality of resource servers, said 
method comprising performing the following st^ps in said server system: 
storing authentication details of authorised users; 
performing remote authentication of a Viser by reference to said stored 
authentication details and during said remote authentication step generating status 
data, distinguishing said user from other users whicf\are not currently authenticated, 
and a secret encryption key shared with said user; 

storing said status data in storage means accessible to said plurality of 
resource servers to check an authentication status of sa\j user by using an identifier 
for the user's terminal received in a service request; and 
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storing said shared secret key in a data store accessible by at least one of 
said resource servers for use during communications with said user. 

10. A method according to claim 9, wherein said authenticating step 
5 comprises issuing a challenge to the user's terminal, receiving a response to said 
challenge, and verifying sa\d response. 

^U^?C/ Ar^iethod according to claim 9 - or 10 , further comprising updating said 

(k — S I \ 

status data for an authenticated user following said storing step. 

10 

12. A metfitod according to claim 11, wherein said updating step is 
ifl performed in response t© a time-out associated with said status data. 

;P 13. A method according to claim 11, wherein said updating step is 

ig 15 performed in response to ac\ess by one of said resource servers to said status data. 

w r 14. A me\hod according to claim 12 or 13 , wherein said updating step is 
performed in respons^to a request by the user's terminal. 

0|3^ 20 15. A method>according to nny o f n lnims 9 to 14 , wherein said identifier is 

an IP address of the user'^terminal. 

16. A method according to claim 9, wherein said authentication step 
comprises issuing said identifier^ the user's terminal. 

J~7- A rftethod according to^a ny of ola i ms -9-4e-4-6, wherein said status data 
is stored in a data sV>re which said resource servers are each able to access. 

^18. A^rl^ethod according to^afty— uf e l dimbt 9 -te — W, wherein said 
Q^s 30 authentication detailsunclude data identifying the rights of access of individual users 
to one or more of said ^application servers. 
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19. An authenticating server system adapted to perform the method of 
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